Method and apparatus for remotely updating satellite devices

What is claimed is: 1. A computer-implemented method for managing a satellite device, comprising: periodically transmitting, by the satellite device, a check-in message to a satellite management server, the check-in message including a serial number of the satellite and a current software version of the satellite device; receiving a satellite management command from the satellite management server, in response to the periodic transmission of the check-in message to the satellite management server, wherein the management command is based at least in part upon an analysis of the check-in message by the satellite management server; preserving a partition of storage that contains a state of a software of the satellite device prior to the receiving the management command to update the software; in response to the satellite device receiving the management command from the satellite device management server to stop software updates of the satellite device, setting a flag in the satellite device to stop software updates, wherein the management command is received in response to the satellite device management server determining that the satellite device has failed to successfully update software a predetermined number of times; in response to the management command received from the satellite management server being a software update command that instructs the satellite device to download a first portion of software and/or data from the satellite management server: determining whether the flag is set in the satellite device to stop software updates; in response to the flag being set to stop software updates, not requesting any portion of the software from the satellite management server, otherwise: requesting by the satellite device, that the first portion be downloaded to the satellite device; receiving, decrypting, and verifying the downloaded first portion, and installing the first portion in a storage partition; rebooting the satellite device to the storage partition to make the downloaded software and/or data active for the satellite device; in response to the satellite device failing to successfully reboot to an updated version of the software: receiving a command from the satellite management server to switch back to the preserved partition of storage; and rebooting the satellite device to the preserved partition of storage. 2. The method of claim 1 , further comprising: establishing, by the satellite device, a secure connection having 2-way transport layer security with mutual authentication with the satellite management server, prior to receiving the satellite device management command; and encrypting and digitally signing the operation and configuration data prior to transmitting the satellite device operation and data to the satellite management server. 3. The method of claim 1 , further comprising: requesting, by the satellite device, that a second portion of the software and/or data be downloaded to the satellite device; in response to determining by the satellite device, prior to receiving the second portion, that the secure connection has been lost: waiting, by the satellite device, a period of time and reestablishing the secure connection with the satellite management server; requesting, by the satellite device, that the second portion of the software and/or data be downloaded to the satellite device. 4. The method of claim 1 , further comprising: after receiving, decrypting, and verifying the downloaded first portion, transmitting a status message to the satellite management server indicating that the first portion was received, decrypted and verified. 5. The method of claim 1 , further comprising: in response to the satellite device receiving a diagnostic command tat does not require downloading the first portion of software and/or data, and the diagnostic command specifying a debug mode: setting a control software of the satellite device to activate the debug mode; logging information related to the debug mode; and encrypting, digitally signing, and transmitting the logged information to the satellite management server. 6. The method of claim 1 , wherein the satellite device comprises an antenna subsystem module of a reconfigurable holographic antenna, and the check-in message further includes power-on self-test (POST) results, configuration parameters of the reconfigurable holographic antenna, and temperature of a plurality of segments of the reconfigurable holographic antenna. 7. The method of claim 1 , wherein the satellite device is a mechanically steered antenna. 8. The method of claim 1 , wherein the satellite device is an electronically scanned antenna. 9. The method of claim 2 , wherein the secure connection is established over a high-latency, unreliable network connection whose connection cannot be verified at any given moment, and the connection is made without access to a ground-based network connection having high speed and reliability. 10. A non-transitory machine-readable medium having instructions stored therein, which when executed by a processor, causes the processor to perform operations for managing a satellite device, the operations comprising: periodically transmitting, by the satellite device, a check-in message to a satellite management server, the check-in message including a serial number of the satellite device and a current software version of the satellite device; receiving a satellite device management command from the satellite management server, in response to the periodic transmission of the check-in message to the satellite management server, wherein the management command is based at least in part upon an analysis of the check-in message by the satellite management server; preserving a partition of storage that contains a state of a software of the satellite device prior to the receiving the management command to update the software; in response to the satellite device receiving the management command from the satellite device management server to stop software updates of the satellite device, setting a flag in the satellite device to stop software updates, wherein the management command is received in response to the satellite device management server determining that the satellite device has failed to successfully update software a predetermined number of times; in response to the management command received from the satellite management server being a software update command that instructs the satellite device to download a first portion of software and/or data from the satellite management server: determining whether the flag is set in the satellite device to stop software updates; in response to the flag being set to stop software updates, not requesting any portion of the software from the satellite management server, otherwise: requesting by the satellite device, that the first portion be downloaded to the satellite device; receiving, decrypting, and verifying the downloaded first portion, and installing the first portion in a storage partition; rebooting the satellite device to the storage partition to make the downloaded software and/or data active for the satellite device; in response to the satellite device failing to successfully reboot to an updated version of the software: receiving a command from the satellite management server to switch back to the preserved partition of storage; and rebooting the satellite device to the preserved partition of storage. 11. The medium of claim 10 , the operations further comprising: establishing, by the satellite device, a secure connection having 2-way transport layer security with mutual authentication with the satellite management server, prior to